from the whuh? dept

When it comes to the private sector, it's not rare thing to see lawsuits over press leaks. Typically, those lawsuits target the person or entity responsible for the leak itself. While the real irritation in these leaks for companies comes from seeing them reported in the press, suing the press for reporting on a leak is fraught with statutory barriers.

Which is what makes it so odd to discover that TrustedReviews, a website that publishes news and reviews in the video game industry, disappeared an article it posted months ago discussing leaked information on the now released Red Dead Redemption 2. Oh, and it agreed to pay over a million dollars to charities of Rockstar's choice.

The British website TrustedReviews today pulled an article, apologized to publisher Take-Two Games, and said it was donating 1 million pounds ($1.3 million) to charity after publishing leaked information about Red Dead Redemption 2 in February of this year. It’s a radical move that raises serious questions about editorial independence and legal threats against the press.

TrustedReviews, which is owned by TI Media (formerly Time Inc, UK), is a technology website that publishes deals and reviews. In February, it published an article, sourcing a leaked internal Rockstar document, that listed details from Red Dead Redemption 2, which would come out eight months later. The article contained a list of bullet-points that claimed, among other things, that you’d be able to play all of Red Dead 2 in first-person (true) and that the online component would have a battle royale mode (to be determined).

Reporting on leaks of this sort is common, of course, particularly in the entertainment industries. While content companies have attempted to sue over everything from leaks to publishing spoilers, these threats and suits rarely go anywhere. If press freedoms in a given country are at all a thing, reporting from confidential sources on leaks is almost always included. The UK has its "State Secrets" nonsense, but that doesn't apply here.

Which makes all of this bizarre. Adding to the whole thing is TrustedReviews bending over backwards to fully apologize publicly, not in any way lamenting this outcome.

“On February 6, 2018, we published an article that was sourced from a confidential corporate document,” the website now reads. “We should have known this information was confidential and should not have published it. We unreservedly apologise to Take-Two Games and we have undertaken not to repeat such actions again. We have also agreed to donate over £1 million to charities chosen by Take-Two Games.”

Nothing about this makes sense, unless TrustedReviews was somehow involved in the leak itself, rather than simply reporting on it. There is nothing publicly suggesting that is the case, so we're instead left to assume that the site simply didn't want to engage in a costly lawsuit brought by Rockstar, who we have to assume threatened one. On the other hand, a $1.3 million payout isn't exactly peanuts either.

Frustratingly, everyone appears to be in the dark here. If only another press outlet could obtain a leak of what exactly the hell is going on here, we might get some clarity.

from the don't-they-teach-lawyers-the-1st-amendment-any-more? dept

Back in the early days of Techdirt, we used to talk about legal disputes involving so-called "sucks sites" -- i.e., web addresses that use a company or organizations' name along with a disparaging adjective, in order to setup a website criticizing the company. In the early 2000s there were a bunch of legal disputes in which overly aggressive lawyers would threaten and/or sue the operators of such sites, claiming they were trademark infringement. Spoiler alert: they were not trademark infringement. There was never any confusion over whether or not the sites were actually endorsed by the trademark-holder (because the sites were criticizing the trademark holder.) Nor, in most cases, was there any commercial activity, which is necessary for a trademark violation.

For the most part, lawyers have finally learned that going after sucks sites is a bad idea and we don't hear of as many cases these days. But they do sometimes pop up. The latest is particularly stupid, involving the University of California, Los Angeles (UCLA). The details are laid out for you nicely by Adam Steinbaugh of FIRE (the Foundation for Individual Rights in Education), an organization focused on protecting free speech on campus.

You see, UCLA had done this before. Way back in 2009 it had threatened a critical site run by a former student:

In 2009, the university sent a letter to former student Tom Wilde, alleging that his website’s domain names, ucla-weeding101.info and .com, infringed on the university’s trademarks and amounted to a criminal act under California Education Code Section 92000, which purports to authorize public universities to police virtually any use of their name or acronym. FIRE wrote to UCLA in 2009, explaining that the First Amendment protects “cybergriping” websites and noting that the university’s purported authority under the California Education Code was contrary to the university’s obligations under the First Amendment.

But, as you likely guessed, they've done it again. And, here's the real kicker: UCLA sent a letter to the same guy over the same website. As Steinbaugh notes, the latest letter is less threatening and more friendly, talking about giving Wilde a "friendly reminder" and asking as a "courtesy" for him to "remedy" his claimed misuses of UCLA's trademark and... building images (?!?). FIRE again took up the case, reminding UCLA of what happened a decade ago and asking it to retract the letter. Incredibly, UCLA refused to do so, saying that Wilde was creating confusion by using similar images and design. However, a quick comparison of the two sites suggests that no one is going to be confused that the one on the left is officially a part of the one on the right:

UCLA also had claimed in its new letter that it sent that in response to "an inquiry" about Wilde's site. FIRE filed a public records request to find out who the hell "inquired." Turns out: it was a UCLA staff member on the external affairs team who sent an email pointing to the site and saying:

Grumpy former student has created this FB page and website…was thinking that the Royce Hall image and use of UCLA in the domain name might both be no-nos.

This was under the subject "protecting the brand."

Right. So this wasn't someone confused about the site. It was someone who thought that they could go after a site that was critical of UCLA by abusing trademark law -- something that has long been a non-starter, and which is an insult to the First Amendment.

You know how you protect your brand? By not threatening critics with a potential legal attack over First Amendment protected speech. And, also, not doing that twice.

from the round-and-round-we-go dept

Before Comcast, AT&T, Verizon and friends convinced the Trump FCC to ignore the public and kill net neutrality, they attempted to dismantle the rules legally. That effort didn't go very well, with the U.S. Court of Appeals for the D.C. Circuit upholding the FCC's Open Internet Order in June of 2016, and ISPs losing a subsequent en banc appeal. More specifically, the courts found that the former Wheeler-run FCC was well within its legal right to reclassify ISPs as common carriers under the Telecom Act.

But, last August, lawyers for the FCC and Department of Justice (at direct telecom industry behest) filed a brief (pdf) with the Supreme Court, urging it to vacate the 2016 court ruling that upheld the Wheeler-era net neutrality rules. The move was necessary, FCC lawyers claimed, because the FCC's comically-named "Restoring Internet Freedom" proposal had somehow "repudiated those factual and legal judgments." If you watched as the FCC repealed net neutrality using little more than lobbyist fluff and nonsense, it should be fairly obvious to you that wasn't true.

So what was the telecom industry and its BFFs in the Trump administration trying to do? They know their repeal of net neutrality was so filled with procedural missteps and outright fraud that they're worried it will be overturned by next year's net neutrality lawsuits, opening arguments for which begin in February. As such, they were hoping to undermine the established legal precedent supporting the 2015 rules in a bid to ensure they couldn't and wouldn't be restored.

That gambit hasn't worked. The Supreme Court this week stated it wouldn't be hearing the case (pdf). While the announcement states that Justices Clarence Thomas, Samuel Alito and Neil Gorsuch would have taken up the case, the Washington Post notes that John Roberts and newly-appointed Justice Brett Kavanaugh were required to recuse themselves because of conflicts of interest, leaving the telecom industry without enough court backing to move forward:

Three of the Court’s justices — Clarence Thomas, Samuel Alito and Neil M. Gorsuch — would have voted to take up the case, according to the Court’s announcement, and overturn a lower court’s decision backing the Federal Communications Commission’s net neutrality rules, which were originally passed in 2015. But there were not enough justices for a majority, after Chief Justice John G. Roberts Jr. and Justice Brett M. Kavanaugh recused themselves. (Roberts' financial disclosures show that he owns stock in Time Warner, which is now owned by AT&T under the name WarnerMedia, while Kavanaugh took part in the case as a judge in the lower court.)

As we've noted in the past, Kavanaugh was more than eager to support the telecom industry argument that net neutrality violated their First Amendment rights, despite the fact that's obviously not true. While Verizon, Comcast, and AT&T lawyers claimed that blocking content and services amounts to an "editorial decision," in reality, ISPs aren't editors; they're simply connecting people to services. Still, "net neutrality violated ISPs' First Amendment rights" was an argument ISP lawyers basically threw at a wall to see if it would stick, and Kavanaugh was more than happy to agree.

Of course while the Supreme Court has refused to hear this case, they could be hearing future cases depending on how next year's net neutrality lawsuits (filed by 23 State AGs and Mozilla) go. ISP lawyers have routinely claimed at this point that any state or federal attempt to hold them accountable for poor service or fraud is a violation of their First Amendment rights, and Kavanaugh's sure to play an un-recused, starring role in many of these cases, one way or another.

The key to the report is that they have identified some truly fascinating patterns that they've spotted among a cluster of users on Twitter, who, at the very least appear to be acting in a manner that suggests some attempt to influence others. I should note that unlike other such reports that jump to conclusions, the authors of this report are very, very, very clear that they're not saying these are "bots." Nor are they saying these are Russian trolls. Nor are they saying that a single source is controlling them. Nor are they saying that everyone engaged in the activity they spotted is officially part of whatever is happening. They note it is entirely possible that some very real people are a part of what's happening and might not even know it.

However, what they uncovered does appear strange and notable. It certainly looks like coordinated behavior, at least in part, and it appears to be designed to boost certain messages. The report specifically looks at statements on Twitter about voter fraud using the hashtag #voterfraud, but it appears that this "network" is targeting much more than that. What made the report's authors take notice is that in analyzing instances of the use of the tag #voterfraud, they noticed that it appeared to have a "heartbeat." That is, it would spike up and down on a semi-regular basis, based on nothing in particular. There wasn't a specific news hook why this entire network would suddenly talk about #voterfraud, and they wouldn't talk about it all the time. But... every month or so there would suddenly be a spike.

From there, they started digging into the accounts involved in this particular activity. And they found a very noticeable pattern:

We wanted to know how these accounts were coming onto Twitter and gaining mentions at such a high velocity — what was leading accounts to gain influence, so quickly? So we took a sample set of accounts from a group of suspicious Voter Fraud accounts and started looking at their activity day-by-day, starting at day one. What we began to notice is a pattern for how the influence machine might be working, and how coordination could be happening.

Here's the consistent network pattern we saw:

User signs up for an account.

User starts replying to multiple accounts—some known verified Twitter users and many other accounts that are also on our list of actors, or that fit a similar profile.

The replies tend to contain: text, memes, hashtags, and @mentions of other accounts, building on common themes.

At some point the pattern shifts from being all replies to original tweets. Those original tweets contain the same types of content as their replies do.

It appears that this pattern cycles and repeats when the next batch of new accounts come online. The next batch starts replying to the existing, newly influential accounts, and carry on with the same sequence of events for gaining influence.

The report highlights this pattern with a few example accounts, though the full study looked at (and continues to look at) many, many more. What you see over and over again are Twitter feeds of people who seem to do little other than constantly tweet pro-Trump memes and disinformation, and yet magically get thousands and tens of thousands of retweets, often coming out of nowhere. Here's one example:

The gray line at the bottom is the number of tweets. The black line is the number of mentions from others. Notice how it goes from nothing to around 10,000 in no time? Sometimes the accounts are more or less dormant for a while, before suddenly becoming massively popular for no clear reason at all:

Again, as the report makes clear, these aren't necessarily bots (though, they may be). They aren't necessarily even aware that they're a part of something. But the patterns seen over and over and over and over again are uncanny. And it certainly provides strong circumstantial evidence of some sort of influence operation -- and it's one that appears to continue to grow and grow.

As the report notes:

We don’t know why this activity is occurring, or who is behind it. However, the best we can do is look at the data around what’s actually happening. What we've discovered along the way is that there are overlapping patterns of behavior, demonstrating some form of coordination.

We think it's possible that some of these accounts don't realize that they're coordinating or part of a larger influence network. For example, one of these sample accounts might genuinely care about Voter Fraud. A bad actor, coordinating large numbers of accounts could find this person’s tweets useful, then amplify those tweets through thousands of @mentions and replies.

By focusing on the hard data around coordination, we can better understand how public conservations are being distorted and how it affects society. Whatever your views are on Voter Fraud, these accounts and the accounts that amplify them are rapidly accelerating their activity in the lead-up to Election Day.

Similarly, of course, it's not clear that this is actually having any impact on anyone's views. But it's at least worth looking at what happens when there is what appears to be massively coordinated activity, mostly focused around spreading disinformation regarding the election and more. The full methodology of the report is available on the site, as are the names of 200 of the accounts studied.

What's fascinating, of course, is the sheer size of what's happening, and the level of coordination necessary to make it happen. Twitter's response to the report (as noted in the Bloomberg article) is pretty much what you'd expect Twitter to say:

“While we prohibit coordinated malicious behavior, and enforce accordingly, we’ve also seen real people who share the same views organize using Twitter,” the company’s statement said. “This report effectively captures what often happens when hot button issues gain attention and traction in active groups.”

Indeed, that's part of what's so tricky here. Could this kind of thing happen organically? Well, certainly much of it can. Lots of people who share the same views on any particular subject often will see surges in conversations around those topics, including lots of retweets, mentions and replies. But the pattern here definitely looks different. When these things happen organically, they tend to have a fairly different rhythm, either a lot more sustained, or the spikes are much more spread out and explainable (e.g., there was some news event that tied to the topic). Similarly, it is hard to see how so many pseudononymous people, who no one else really knows, magically all jump up to thousands or tens of thousands of mentions with no clear explanation for their sudden and sustained fame.

But this is also why Twitter is put in an impossible position if it's expected to spot all of this. Even with so much evidence, it's still possible that what Guardians.ai spotted was organically formed. It may seem unlikely, but how can you tell? And you can bet that there are some with less than virtuous intent, who are actively figuring out ways to increasingly make all of this activity look organic. Expecting that Twitter, or any company, can always magically determine what is and what is not "authentic" behavior online, is an impossible task. And the very fact that it might sweep up some perfectly innocuous accounts in the process also makes it troubling to expect that the platform should be in charge of sorting out who's who and who's real in these kinds of situations. But, then again, if these kinds of disinformation campaigns truly are having an impact on influencing the public, that too should be a concern. Either way, as the report highlights, there is still much work to be done in analyzing how social networks are being used to influence the public.

from the good-deals-on-cool-stuff dept

Small and discreet, but powerful, TREBLAB's X11 earbuds exemplify the best of truly wireless tech. Whether you're running, working out, doing chores, or just going about your commute, these buds have your soundtrack covered with elite Bluetooth audio. Packed with advanced features like passive noise cancellation and a built-in mic, the X11's will be your everyday listening solution.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

from the can-we-not? dept

Okay, let's start with this. Can we all agree -- no matter what your party, ideological, or candidate preference -- that in any election where you are up for one of the offices, that you shouldn't be the one in charge of safeguarding the integrity of the election? This seems like a fairly basic point concerning democracy, that if you're a candidate for office, you should recuse yourself from anything involving election integrity. However, that's not the way things work around here, apparently. In at least three key elections this year, current secretaries of state, who are in charge of election integrity, are running for higher office while being in charge of counting their own votes. It just so happens that this year all three of those cases involve Republicans (and all three of those Republicans have a long and fairly detailed history of voter suppression tactics), but the issue applies equally to Democrats who might be in the same position. No one who is in charge of election integrity should ever be in the position of running for office at the same time.

But let's focus in on just one of the three individuals in that situation this year: Republican Brian Kemp, Georgia's Secretary of State, who is in a very heated campaign to be Governor of Georgia, campaigning against Democrat Stacey Abrams. As you may know, our stated policy on Techdirt is that we tend not to name the party affiliation of any politician, unless it truly matters to the story. That's because in this age of red team/blue team insanity, many people determine what they agree or disagree with depending on the color of the uniform. However, in this story, the party affiliations matter, not for which one is which (we could have posted an identical story with the party's changed), but because the dispute here clearly involves partisan politics.

After a failed attempt to hack the state's voter registration system, the Secretary of State's office opened an investigation into the Democratic Party of Georgia on the evening of Saturday, November 3, 2018. Federal partners, including the Department of Homeland Security and Federal Bureau of Investigation, were immediately alerted.

"While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes," said Candice Broce, Press Secretary. "We can also confirm that no personal data was breached and our system remains secure."

Before we dig into what appears to have happened, it's time to take a little jump back in time. You see, back in 2016, Georgia Secretary of State Kemp also raised the alarm about what he claimed was an attempt by the US Department of Homeland Security to "breach" his office's firewall. Kemp sent an angry letter to then DHS boss Jeh Johnson, insisting that this was a sneaky attempt by DHS to do penetration testing and test the security of Georgia's election systems without permission.

An earlier, internal DHS investigation into the reported incident showed that the "attempt to penetrate the Georgia Secretary of State's firewall" was actually residual traffic from a Federal Law Enforcement Training Center employee checking the Georgia firearms license database. That employee said he was doing due diligence on private security contractors for the facility.

That traffic, the first report determined, was caused by the employee cutting and pasting data from the database to Microsoft Excel, which sent light traffic to the Georgia server while parsing the data. That traffic would have been in no way abnormal.

The DHS inspector general, which operates independently from the DHS chain of command, conducted a second investigation. It validated the first report's results

That report further noted that "the DHS internet addresses that contacted the Georgia systems could not be used to attack those systems in the way Kemp described."

And, as you'll see, this article is already so long that we won't bother with more other than a link to another story about how Kemp has been credibly accused of destroying evidence in a still ongoing lawsuit about whether or not Georgia's voting system was hacked.

So, Kemp already has some credibility problems with "crying wolf" about supposed hacks of his computer systems before. And those should only increase given what appears to have lead to yesterday's claim of an "investigation." The small, but respected investigative journalism site WhoWhatWhy has a fairly detailed look at what happened and it looks really, really bad for Kemp. You see, on Saturday, the Democratic Party of Georgia had discovered massive vulnerabilities in the voter registration system overseen by Kemp, and had passed those details on to security experts... and then someone passed them along to WhoWhatWhy.

Just before noon on Saturday, a third party provided WhoWhatWhy with an email and document, sent from the Democratic Party of Georgia to election security experts, that highlights “massive” vulnerabilities within the state’s My Voter Page and its online voter registration system.

According to the document, it would not be difficult for almost anyone with minimal computer expertise to access millions of people’s private information and potentially make changes to their voter registration — including canceling it.

The publication spoke to a bunch of security experts, who all noted (correctly) that actually testing the vulnerabilities would be illegal, but...

...several logged onto the My Voter Page to look at the code used to build the site — something any Georgian voter could do with a little instruction — and confirmed the voter registration system’s vulnerabilities.

They all agreed with the assessment that the data of voters could easily be accessed and changed.

“For such an easy and low hanging vulnerability to exist, it gives me zero confidence in the capabilities of the system administrator, software developer, and the data custodian,” Kris Constable, who runs a privacy law and data security consulting firm, told WhoWhatWhy. “They should not be trusted with personally identifiable information again. They have showed incompetence in proper privacy-protecting data custodian capabilities.”

From the reporting, it appears that the vulnerability is the kind of mistake that was common on the web two decades ago, that once you've logged in you can access anyone else's content just by changing the URL. Basically anyone with any degree of knowledge of online security learned to block such a vulnerability at least a decade or more ago. It is astounding that such a vulnerability might still exist online, let alone on something as vital and key to democracy as a state election system.

It appears that this is the basis of Kemp's new investigation. The Democratic Party had discovered just how poorly Kemp's own team had built its online voter registration system, and his response is to blame the messenger. Of course, we see this kind of thing all the time in writing about vulnerabilities reporting, and we've always pointed out how ridiculous it is. But here, it's been taken to a new level, because beyond the usual dynamic, here we have the Republican running for Governor overseeing the insecure voting registration system, and it's the opposing candidate's party who discovered the vulnerability. This is beyond "blame the messenger." It's "blame the messenger who not only showed my own incompetence, but is also running against me for my shot at the big time."

A later story on WhoWhatWhy details that it wasn't the Democratic Party who had discovered the vulnerability in the first place, but rather someone else, who then contacted a lawyer for someone already suing Kemp over weaknesses in Georgia's election system:

A man who claims to be a Georgia resident said he stumbled upon files in his My Voter Page on the secretary of state’s website. He realized the files were accessible. That man then reached out to one of Cross’s clients, who then put the source and Cross in touch on Friday.

The next morning, Cross called John Salter, a lawyer who represents Kemp and the secretary of state’s office. Cross also notified the FBI.

As noted above, WhoWhatWhy reached out to multiple security experts who all confirmed the vulnerability -- and apparently all five of them noted that actually testing the vulnerability would be illegal. But all five of them were able to just look at the code on the site and confirm the vulnerability was real and could be used to alter voter information in the rolls, which is an especially big deal considering that one of Kemp's voter suppression methods was to insist that if any tiny bit of your information did not match what was in the rollbook, you couldn't vote.

The report further notes that the security researchers approached by WhoWhatWhy reached out to both US intelligence officials and the Coalition for Good Government, who also reached out to Kemp's own lawyers to alert him to the problems in the system:

Bruce Brown, a lawyer for the group, then reached out to Kemp’s attorneys to alert them of the problem. At 7:03 PM Saturday night, he emailed John Salter and Roy Barnes, former governor of Georgia, in their capacities as counsel to Secretary of State Kemp, to notify them of the serious potential cyber vulnerability in the registration files that had been discovered without any hacking at all, and that national intelligence officials had already been notified.

[....]

“What is particularly outrageous about this, is that I gave this information in confidence to Kemp’s lawyers so that something could be done about it without exposing the vulnerability to the public,” Brown told WhoWhatWhy. “Putting his own political agenda over the security of the election, Kemp is ignoring his responsibility to the people of Georgia.”

You really should read the entire WhoWhatWhy article (or, actually, both of the ones I've linked to here) because it goes into much more detail than I've described here, and all of it is mind-bogglingly stupid. Just to give you a taste, the report details not just one, but multiple vulnerabilities, including this:

In the code of the website — which anybody can access using their internet browser — there is a series of numbers that represent voters in a county. By changing a number in the web browser’s interface and then changing the county, it appears that anybody could download every single Georgia voter’s personally identifiable information and possibly modify voter data en masse.

In addition, voter history, absentee voting, and early voting data are all public record on the secretary of state’s website. If a bad actor wanted to target a certain voting group, all of the information needed is available for download.

“It’s so juvenile from an information security perspective that it’s crazy this is part of a live system,” Constable said.

Oh, and then there's this: while Kemp's office insist what they are misleadingly calling a hack from the Democratic Party "failed," according to the various security experts WhoWhatWhy spoke to, there didn't appear to be any logging, meaning there wouldn't necessarily be a way to see if anyone had actually changed the information. It goes on and on like this.

And, rather than admitting a fuck up of colossal proportions for a voting system, Kemp is claiming the Democratic Party of Georgia hacked the election system. Again, no matter who you support as a candidate, can we at least all agree that something is rotten in the state of Georgia when it comes to how they manage their election systems?

from the get-off-my-damn-lawn dept

For years now, streaming video providers like HBO and Netflix have taken a relatively-lax approach to password sharing. Netflix CEO Reed Hastings has gone so far as to say he "loves" password sharing, and sees it as little more than free advertising. Execs at HBO (at least before the AT&T acquisition), have similarly viewed password sharing in such a fashion, arguing that young users in particular that share their parents password get hooked on a particular product via password sharing, then become full subscribers down the road once they actually have disposable income.

On the other side of the equation sits Charter CEO Tom Rutledge, one of the highest paid execs in media. He, in contrast, has long complained that he views password sharing as "piracy", and has consistently promised to crack down on the practice. Rutledge and his fellow executives gave a particularly rousing "get off my lawn" lecture at a media event last year:

"There’s lots of extra streams, there’s lots of extra passwords, there’s lots of people who could get free service,” Rutledge said at an industry conference this month...“It’s piracy,” Connolly said. “It’s people consuming something they haven’t paid for. The more the practice is viewed with a shrug, the more it creates a dynamic where people believe it’s acceptable. And it’s not."

Of course it's far from "piracy" if it's being sanctioned by the companies doing it, with an eye on generating product awareness and happy customers. That last bit is something Rutledge could use some lessons on. Rutledge fixates on password sharing when he should be focused on why exactly his company continues to bleed subscribers to these cheaper, more flexible traditional cable alternatives. Hint: endless rate hikes, historically terrible customer service, and megamergers

Last week Rutledge was at it again. During his company's latest earnings call, Rutledge proclaimed that streaming providers like HBO and Netflix clearly "don't know what they're doing" because they've refused to crack down on the villainous practice of password sharing:

"By the content companies going over the top without having the experience of being distributors, they’ve done that in a way without securing their content, which any distributor would theoretically do if they knew what they were doing. But that hasn’t been the case, so you have free service all over the country through passwords,” Rutledge said. “The reality is television can be had fairly easy without paying for it."

Granted just because television can sometimes be "had fairly easy without paying for it" doesn't mean it's bad, or it's "piracy." Millions of users increasingly are flocking to over the air antennas as an alternative to the bloated, expensive cable bundles execs like Rutledge simply can't move on from. It's worth noting that this is a "problem" that really isn't. Most streaming services already limit simultaneous streams per account, and being able to share your password with a limited set of friends and family members is part of the value equation you're paying for.

It's also worth noting that when HBO or Netflix execs acknowledge the trend, they note there really aren't all that many users actually doing it. As such, if there's something Rutledge wants to spend several years hyperventilating over, it should probably be his company's continued failure to actually listen to consumers, and offer a better product with support that isn't ranked among the worst of any company, in any industry in America.

from the redefining-'social-media-strategy' dept

This flow of especially pointless lawsuits doesn't appear be drying up -- fed mainly from the (revenue) streams maintained by 1-800-LAW-FIRM and Excolo Law. Neither does the flow of courtroom losses. These two firms are responsible for most of the lawsuits we've covered that attempt to hold social media companies responsible for international acts of terrorism.

The legal theory behind the suits is weak. Attempting to avoid Section 230 immunity, the suits posit that the presence of terrorists on social media platforms is a violation of various federal laws targeting terrorist organizations. Section 230 defenses have been raised by Twitter, Facebook, et al, but these usually aren't addressed by the courts because there's not enough in the terrorism law-related arguments to keep the suits alive.

In Fields, the Ninth Circuit addressed what is meant by the phrase “by reason of an act of international terrorism.” It began by noting that the “‘by reason of’ language requires a showing of proximate causation.” Fields, 881 F.3d at 744. It rejected the plaintiffs’ contention that “proximate causation is established under the ADA when a defendant’s ‘acts were a substantial factor in the sequence of responsible causation,’ and the injury at issue ‘was reasonably foreseeable or anticipated as a natural consequence.’” Id. Instead, it held that, “to satisfy the ATA’s ‘by reason of’ requirement, a plaintiff must show at least some direct relationship between the injuries that he or she suffered and the defendant’s acts.”4 Id. (emphasis added).

And, although the facts of this case are a little different than the cited decision, the allegations in the plaintiff's lawsuit undermine its arguments about direct or proximal responsibility.

The instant case is somewhat different from Fields in that, here, Plaintiffs have made one allegation suggesting that Mr. Masharipov’s attack was in one way causally affected by ISIS’s presence on the social platforms. Specifically, Plaintiffs allege that Mr. Masharipov was “radicalized by ISIS’s use of social media.” FAC ¶ 493. However, this conclusory allegation is insufficient to support a plausible claim of proximate causation.

Plaintiffs do not allege that Mr. Masharipov ever saw any specific content on social media related to ISIS. Nor are there even any factual allegations that Mr. Masharipov maintained a Facebook, YouTube, and/or Twitter account. Furthermore, there are allegations in the complaint suggesting that there were other sources of radicalization for Mr. Masharipov. See, e.g., FAC ¶ 337 (alleging that Mr. Masharipov “had previously received military training with al-Qaeda in Afghanistan in 2011”); see also Iqbal, 556 U.S. at 678 (stating that, “[w]here a complaint pleads facts that are ‘merely consistent with’ a defendant’s liability, it ‘stops short of the line between possibility and plausibility of “entitlement to relief”’”). Finally, a direct relationship is highly questionable in light of allegations suggestive of intervening or superseding causes – in particular, Plaintiffs have alleged that, after becoming radicalized, Mr. Masharipov would have a “year-long communication and coordination [with] Islamic State emir Abu Shuhada” to carry out the Reina attack. FAC ¶ 334. Moreover, Plaintiffs fail to allege any clear or direct linkage between Defendants’ platforms and the Reina attack.

The allegations under another anti-terrorism law are no better. This argument posits the existence of terrorist-owned accounts is the same thing as providing support for terrorist acts or organizations. The court again finds the allegations don't approach the legal requirements for liability.

Here, Plaintiffs have failed to allege that Defendants played a major or integral part in ISIS’s terrorist attacks; for example, there are no allegations that ISIS has regularly used Defendants’ platforms to communicate in support of terrorist attacks. Also, for factor (4), i.e., the defendant’s relation to the principal wrongdoer, the Halberstam court indicated that a close relationship or a relationship where the defendant had a position of authority could weigh in favor of substantial assistance. Here, there is no real dispute that the relationship between Defendants and ISIS is an arms’-length one – a market relationship at best. Rather than providing targeted financial support,[...] Defendants provided routine services generally available to members of the public. As to factor (5), i.e., the defendant’s state of mind, the Halberstam court indicated that, where the defendant “showed he was one in spirit” with the principal wrongdoer, id., that could also weigh in favor of substantial assistance. Cf. NAACP v. Claiborne Hardware Co., 458 U.S. 886, 920 (1982) (noting that, “[f]or liability to be imposed by reason of association alone, it is necessary to establish that the group itself possessed unlawful goals and that the individual held a specific intent to further those illegal aims”). But here there is no allegation that Defendants have any intent to further ISIS’s terrorism.

The entire suit -- including state claims for wrongful death and emotional distress -- are dismissed with prejudice. The only thing left for the plaintiffs to do is appeal, and this decision quotes generously from this jurisdiction's appellate decision in a similar case, which should hopefully deter them from wasting any more of the Ninth Circuit's time.